Examining the vulnerabilities of Industrial Automation Control Systems (IACS)

An analysis of a real cyberattack on a Ukrainian energy distribution company

On December 23 2015, Ukrainian Kyivoblenergo, reported a service outage to their customers. Shortly after the report, it was discovered that three more energy distribution companies were also affected, in a large and coordinated attack that targeted Ukrainian energy critical infrastructure, causing energy outage to more than 225,000 customers across the Ukraine.

This whitepaper depicts the real incident of a cyberattack on this energy distribution company, to demonstrate how vulnerable Industrial Automation Control System (IACS) are without a clearly defined Supervisory Control and Data Acquisition (SCADA) cybersecurity system. It describes the incident and subsequent consequences to the nation followed by an in depth technical analysis of the phases throughout the incident. From this analysis, it details cybersecurity mitigation practices that could have prevented this incident.